
wsfed message



Subject: New Issue: Add a "Supported Claims Dialect" element To FederationMetadata


PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.

The issues coordinators will notify the list when that has occurred.

 

Protocol: wsfed

 

ws-federation-1.2-spec-ed-01.doc: http://www.oasis-open.org/apps/org/workgroup/wsfed/download.php/24422/ws-federation-1.2-spec-ed-01.doc

 

Artifact: spec

Type: design

 

Title: Add "Supported Claims Dialect" element To Federation Metadata

 

Description:

 

The specification allows a federation provider to advertise supported claim types but there is no means to advertise the specific dialects in which those claims may be expressed. The ability to advertise supported claims dialects should be added to federation metadata.

 

Related issues: None

 

Proposed Resolution:

Introduce a new sub-section under Section 3.1 to define a new [Federation Metadata] property that can be used to specify the supported claims dialects as follows:

 

3.1.xx ClaimDialectsOffered Element

 

The optional fed:ClaimDialectsOffered element allows a federation metadata provider to specify the list of dialects, named using URIs, that are accepted by its STS in token requests to express the claims requirement. A federated partner can use this list to decide which dialect to use to express its desired claims when requesting tokens from it. This specification defines one standard claims dialect in the subsequent section 9.3, but other claim dialects may be defined elsewhere for use in other scenarios. This element populates the [Federation Metadata] property. This is typically specified by token issuers and security token services. This is typically a service-level statement but can be an endpoint-level statement.

 

The schema for this optional element is shown below.

<fed:ClaimDialectsOffered>
  <fed:ClaimDialect Uri="xs:anyURI" /> +
</fed:ClaimDialectsOffered>

 

 

The following describes the elements listed in the schema outlined above:

/fed:ClaimDialectsOffered

This element is used to express the list of claim dialects that the federating STS can understand and accept.

/fed:ClaimDialectsOffered/fed:ClaimDialect

This element indicates an individual claim dialect that the STS can understand.

/fed:ClaimDialectsOffered/fed:ClaimDialect/@Uri

This attribute provides the unique identifier (URI) of the individual claim dialect that the STS can understand.

/fed:ClaimDialectsOffered/fed:ClaimDialect/…

The semantics of any content for this element are undefined. Any extensibility or use of sub-elements MUST NOT alter the semantics defined in this specification.

/fed:ClaimDialectsOffered/fed:ClaimDialect/@{any}

This extensibility mechanism allows attributes to be added so long as they don’t violate or alter the semantics defined in this specification.

/fed:ClaimDialectsOffered/@{any}

This extensibility mechanism allows attributes to be added so long as they don’t violate or alter the semantics defined in this specification.

 

 

The following example illustrates using this optional element to specify that the issuing STS of the federating organization can accept the one standard claims dialect defined in this specification.

<fed:ClaimDialectsOffered>
  <fed:ClaimDialect Uri="http://schemas.xmlsoap.org/ws/2005/05/fedclaims" />
</fed:ClaimDialectsOffered>
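Added example, not part of the original message or of the specification: a sketch of how a federated partner could read fed:ClaimDialectsOffered from a partner's metadata and pick the dialect for its token requests. It assumes the fed: prefix is bound to the WS-Federation 1.2 namespace, that the metadata signature was verified beforehand, and that the requester insists on absolute dialect URIs; the function names, the urn:example values and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption: namespace bound to the fed: prefix (WS-Federation 1.2).
FED_NS = "http://docs.oasis-open.org/wsfed/federation/200706"
# Dialect URI taken from the example in the message above.
FEDCLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/fedclaims"

# Constructed sample metadata fragment; the x:hint attribute exercises @{any}.
SAMPLE = b"""<fed:ClaimDialectsOffered xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:x="urn:example:ext" x:hint="1">
  <fed:ClaimDialect Uri="http://schemas.xmlsoap.org/ws/2005/05/fedclaims" />
  <fed:ClaimDialect Uri="urn:example:claims:v2" />
</fed:ClaimDialectsOffered>"""


def offered_dialects(metadata_xml: bytes) -> list:
    """Return the advertised dialect URIs in document order, without duplicates."""
    # Metadata comes from another party: refuse DTDs so entity
    # expansion never reaches the parser.
    if b"<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    uris = []
    # iter() also matches the root, so a bare fragment works as input.
    for container in root.iter(f"{{{FED_NS}}}ClaimDialectsOffered"):
        dialects = container.findall(f"{{{FED_NS}}}ClaimDialect")
        if not dialects:  # the schema marks ClaimDialect with '+'
            raise ValueError("ClaimDialectsOffered has no ClaimDialect")
        for dialect in dialects:
            uri = (dialect.get("Uri") or "").strip()
            # Policy of this example: a dialect name must be an absolute URI.
            if not urlparse(uri).scheme:
                raise ValueError(f"missing or relative Uri: {uri!r}")
            if uri not in uris:
                uris.append(uri)
    return uris


def choose_dialect(metadata_xml: bytes, preferred: list):
    """Return the first preferred dialect the STS advertises, else None."""
    offered = offered_dialects(metadata_xml)
    # Exact string comparison: dialect URIs are identifiers, not locators,
    # so no normalisation or prefix matching is applied.
    for uri in preferred:
        if uri in offered:
            return uri
    return None  # element absent (it is optional) or no dialect in common
```

Extension attributes and child content are ignored here, which matches the proposal's rule that extensions must not alter the defined semantics.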


